5 likes, 152 views

File Upload RCE | Natas: OverTheWire (Level 12)

In Level 12 of OverTheWire's Natas CTF wargame, we learn about intercepting web requests and use Burp Suite to upload a malicious PHP file to the web page.

OverTheWire: overthewire.org/wargames/
Writeups: github.com/odacavo/overthewire/tree/main/01_natas

Burp Suite: portswigger.net/burp
FoxyProxy: getfoxyproxy.org/
RegExr: regexr.com/
Regex101: regex101.com/r/iU2cE2/1

0:00 - Introduction
0:28 - Source Code Walkthrough
2:51 - Burp Suite and Proxy Setup
5:35 - Request Intercepting and Exploiting
11:13 - Python getflag.py Script
18:55 - Conclusion
